Last year, the fallout from a string of breaches at major retailers like Target and Home Depot had consumers on edge. But 2015 is shaping up to be the year consumers should be taking a closer look at who is guarding their health information.

Data about more than 120 million people has been compromised in more than 1,100 separate breaches at organizations handling protected health data since 2009, according to Department of Health and Human Services data reviewed by The Washington Post.

“That’s a third of the U.S. population — this really should be a wake-up call,” said Deborah Peel, the executive director of Patient Privacy Rights.

The data may double-count some individuals if they had their information compromised in more than incident, but it still reflects a staggering number of times Americans have been affected by breaches at organizations trusted with sensitive health information. And the data does not yet reflect the hack of Premera, which announced this week that hackers may have accessed information, including medical data, on up to 11 million people.

Most breaches of data from health organizations are small and don’t involve hackers breaking into a company’s computer system. Some involve a stolen laptop or the inappropriate disposal of paper records, for example — and not all necessarily involve medical information. But hacking-related incidents disclosed this year have dramatically driven up the number of people exposed by breaches in this sector.

When Anthem, the nation’s second-largest health insurer, announced in February that hackers broke into a database containing the personal information of nearly 80 million records related to consumers, that one incident more than doubled the number of people affected by breaches in the health industry since the agency started publicly reporting on the issue in 2009.

“We are certainly seeing a rise in the number of individuals affected by hacking/IT incidents,” Rachel Seeger, a spokesperson for HHS’s Office for Civil Rights, said in a statement. “These incidents have the potential to affect very large numbers of health care consumers, as evidenced by the recent Anthem and Premera breaches.”

And some cybersecurity experts warn this may only be the beginning. “We’re probably going to see a lot more of these happening in the coming few months,” said Dave Kennedy, the chief executive of TrustedSEC.

Health organizations are targets because they maintain troves of data with significant resale value in black markets, Kennedy said, and their security practices are often less sophisticated than other industries. Now that some major players in the market have come forward as victims of cyberattacks other organizations are likely to take a close look at their own networks — potentially uncovering other compromises, he said.

“The information that companies like Anthem and Premera had is more valuable than just payment card information held by retailers or financial institutions,” said Scott Vernick, who heads up the data security and privacy practice at law firm Fox Rothschild. Credit card information has a relatively short shelf life, with new cards issued on a regular basis, he explained. But a health organizations often have complete profiles of people including Social Security numbers and medical health information that is much more difficult if not impossible to change.

Some of the data can be used to pursue traditional financial crimes — like setting up fraudulent lines of credit, Kennedy said. But it can also be used for medical insurance fraud, like purchasing medical equipment for resale or obtaining pricey medical care for another person.

This type of scheme is often not caught as quickly as financial fraud, experts said, and could have a lasting affect if it results in a person’s medical history containing false information. “In theory you could end up in an emergency situation, and if your records are contaminated by someone else’s information that could cause serious problems — like medical professionals believing you have a different blood type,” said Peel.

If a hacker is able to obtain information about a person’s medical condition, as it appears may have happened in the Premera breach but not the Anthem breach, there are additional risks. Information about mental health or HIV treatments could be made public, and there’s no way to truly make the information private again. “There’s almost no way to remedy this; there’s no recourse,” said Peel.

Health care providers already have to comply with government rules on protecting patient privacy, including HIPAA, which are enforced by HHS.

“Health care organizations need to make data security central to how they manage their information systems and to be vigilant in assessing and addressing the risks to data on a regular basis,” said Seeger, the HHS official. “In addition, organizations need to ensure they are able to identify and respond appropriately to security incidents when they do happen to mitigate harm to affected individuals and prevent future similar incidents from occurring.”

State-level officials are also increasingly involved in enforcement in this area, said Vernick, and consumers may have additional legal avenues depending on state laws.

But privacy and cybersecurity advocates say the industry and the government still aren’t doing enough to protect consumers.

“HIPAA required security be addressed, but it wasn’t spelled it out exactly how, so there was no culture of using ironclad security,” said Peel. “We have systems that are engineered as though this data is not sensitive and valuable.”

Health organizations sometimes rely on legacy systems, and some have not invested in cybersecurity at a rate that matches the urgency of the threats they face, Kennedy said. “The medical industry is years and years behind other industries when it comes to security.”

Even before the Anthem breach, major health insurers had become aware of the rising risk of cyberattacks. Aetna and United Health Group both cited the risks of hackers and breaches in their respective 2013 financialreports.

And the industry is already taking steps to coordinate how it responds to such incidents through groups designed to share information about digital threats — like the National Health Information Sharing and Analysis Center, or NHISAC. The organization is one of several efforts related to critical infrastructure that works with the Department of Homeland Security to share data about current threats, such as what sort of tactics are used and forensic information about attackers.

Members are able to share details about security incidents in “machine time” using an automated system, according to NHISAC executive director Deborah Kobza, and the group sends out daily threat updates. When a major cyberattack is disclosed, NHISAC erupts into a flurry of activity — trying to find out as much as possible so its members have information that can make it easier to see if they’ve been the victims of a similar attack.

And 2015 has already kept NHISAC busy: “We just caught our breath from the Anthem hack, and here we go again,” said Kobza about responding to the Premera breach.

The Centers for Medicare & Medicaid Services has paid out nearly $30 billion in meaningful use incentives for hospitals and physicians to adopt EHRs. But some members of Congress, the body that approved those funds, are about as frustrated with EHRs as doctors and nurses.

“The evidence suggests these goals haven’t been reached,” said Senator Lamar Alexander, R-Tennessee, in a long EHR hearing followed by Erin McCann, Healthcare IT News managing editor.

Robert Wergin, MD, president of the American Academy of Family Physicians, said that family physicians are having a difficult time with the Stage 2 meaningful use requirements. The “time, expense and effort it takes makes it not worth while,” said Wergin. Indeed, some 55 percent of physicians surveyed plan on skipping Stage 2 all together.

“The issue of interoperability between electronic health records represents one of the most complex challenges facing the healthcare community,” said Wergin. The government “must step up efforts to require interoperability.”

A central problem, as McCann wrote, is that “Vendors have no incentive to share data and create more interoperable systems. There’s the question of data ownership here. There’s the question of competition. And there’s the question of standards, or lack thereof.”

“The vendors are siloed,” as Wergin said. “And you’re held somewhat hostage by the vendor you have.”

President Barack Obama’s Precision Medicine initiative hinges on gathering data from millions of individuals, but there are challenges the healthcare industry will face when it comes to collecting that information, says Niam Yaraghi, a fellow in the Brookings Institution’s Center for Technology Innovation.

Interoperability and security are two issues plaguing the industry, which also will play a role in Obama’s initiative, the aim of which is to increase the use of personalized information in healthcare

“To succeed, the Precision Medicine initiative has to either overcome the lack of interoperability problem in the nation’s health IT system or to find a way around it,” he writes.

For now, those working on the project should get access to what medical records they can and then work with providers and vendors on gaining access to future records, Yaraghi says.

When it comes to privacy for precision medicine, problems the administration will face include setting up secure technologies and privacy regulations surrounding the project so that information cannot be accessed by malicious actors. In addition, when researchers begin to analyze data, they may uncover information patients do not want shared or known.

To ensure safety of information privacy, audits should be conducted by third parties, Yaraghi says. And if a data breach occurs, a patient’s participation in the study should be canceled and the patient should get financial compensation.

“The Precision Medicine initiative is a ‘Big Hairy Audacious Goal’ with exciting promises and priceless implications,” he writes. “[H]owever, to believe in its future success, it should first propose a plan to resolve the above mentioned patient privacy concerns and health IT challenges.”

PricewaterhouseCoopers with General Dynamics Information Technology, DSS Inc. and Medsphere; and

IBM and Epic Systems.

DOD is expected to award one of those teams – consisting of commercial vendors coupled with EHR developers – with the contract in June 2015.

While it’s too early to know whether there’s a frontrunner, IBM and Epic have arguably been the most proactive team. They were the first to announce their partnership in June 2014. Around the same time, IBM began hiring high-profile personnel to lead its health care efforts, including Dr. Keith Salzman, who spent 20 years with DOD’s military health system.

On Wednesday, IBM and Epic raised the bar in their bidding strategy, announcing the formation of an advisory group of leading experts in large, successful EHR integrations to advise the companies on how to manage the overhaul — if they should win the contract, of course.

The advisory group’s creation was included as part of IBM and Epic’s bid package, according to Andy Maner, managing partner for IBM’s federal practice.

In a press briefing at IBM’s Washington, D.C., offices, Maner emphasized the importance of soliciting advice and insight from the group. Members of the advisory board include health care organizations, such as the American Medical Informatics Association, Duke University Health System and School of Medicine, Mercy Health, Sentara Healthcare and the Yale-New Haven Hospital.

The board will advise on more than tech hurdles.

The advisory board also includes veterans who’ve dealt firsthand with challenging circumstances under DOD’s current system, which serves 10 million beneficiaries.

The lack of interoperability, particularly with off-network health care providers and the Department of Veterans Affairs’ own health records system, can put soldiers and transitioning veterans through unnecessary grief.

“I’m not trashing the current system, but you’re constantly getting referred out,” said retired Maj. William Lyles, who was wounded by an improved explosive device while serving as an Army Green Beret. “I want to add the patient’s perspective to this group.”

However, Epic, one of the largest players in the broader EHR market, has not been immune from criticism its own systems don’t interconnect well with competing systems.

A front-page New York Timesstory last fall reported the company had been criticized in some circles “by those who say its empire has been built with towering walls, deliberately built not to share patient information with competing systems.”

The IBM-Epic advisory board has already shared input and will continue to do so should the team capture the award.

As the due date on the contract award nears, Nextgov plans to check in with all the bidders on the contract.

A physician once told me that “your genes load the gun. Your lifestyle pulls the trigger.”

We were talking about how genetics play a role in the likelihood of a disease manifesting itself – and how the way we live also influences that likelihood. And it’s getting easier and faster for doctors and scientists to precisely understand which genes influence which diseases, and by how much.

This improved access and understanding of the genome, though, brings up challenges to the notion of ownership, consent, and privacy. Should a patient ask her siblings, parents and grandparents for permission to reveal genetic information? How much of a person’s genome should be tested, disclosed, or archived, per analysis?

Parental contribution only tells part of the story about our personal genome. We know that germ line genes – genes you are born with and persist over generations – can mutate and cause cancer, or diseases like cystic fibrosis and sickle cell anemia. And we can even test for a few hundred of the germ line’s Mendelian inherited diseases, such as Huntington’s, because they’re caused by a single gene. New York State, for example, tests every newborn child for about 40 genetic diseases that otherwise may not be identified at birth, but that may cause illness, mental retardation, or even death if not treated in the first weeks or months of life. Still other mutations are somatic; the result of changes to your genetics after birth. This is where a predisposition for certain cancers or diseases, from hypertension to Type-2 diabetes, interact with lifestyle.

It’s also where the issue of privacy gets nuanced.

The National Institutes of Health considers germ line information re-identifiable. It’s been shown that anonymous genetic data can, indeed, still identify individuals by connecting it with publicly available information.1 Genetic data describing somatic mutations is considered non-identifiable and therefore disclosed and disseminated with lesser concerns.

That identifiability is due to the fact that there is nothing more unique than your genome. It’s the difference between knowing someone’s cholesterol number, versus the genetic elements that influenced that number. The latter is more specific and closer to uniqueness, hence a greater aid at identifying that person. And it might also identify members of that person’s family.

Protecting your genes

My team studies these aspects of genomics research and privacy in our work on precision oncology, looking at treatment options based on somatic mutations that drive cancer. And 10 years ago, during our Genographic Project, we realized the definition of genetic privacy had to be broadened to the workplace. The policies established for that project later laid the first-of-its-kind legislative ground work for the 2008 Genetic Information Nondiscrimination Act (GINA).

As identifying genes, and processing entire genomes gets better and faster – and we discover more connections between genes and diseases – we will need new kinds of privacy protection. One area I’m exploring is around the fact that identifiability is not a binary attribute. Gene commonality ranges from the individually unique to across the populace. We need to ask: what is a more sophisticated metric for the identifiability of our genetic data?

Register for the Computer History Museum’s Techonomy BIO on March 25, where Dr. Royyuru will discuss “Who Owns Your Genetic Data?” and “The Internet of (Bio)Things.”

Deprivation has a way of making you feel excessively thankful for even the most meager offering. Yoni Maisel, a reflective patient and patient advocate with a rare genetic primary immune deficiency disorder, conveyed just this sense of disproportionate gratitude in an exuberant recent piece describing the impact of technology on his life.

Inspired by Eric Topol’s new book, The Patient Will See You Now, highlighting the power of the smartphone (my WSJ review here), Maisel went out and bought one. He then received (on his smartphone) an email from a doctor who had read about the symptoms Maisel had previously described on his blog related to a second, extremely rare disease he has (Sweet’s Syndrome), and thought she had a patient with a similar condition. After viewing photos of skin lesions Maisel took (with his smartphone) and shared with her (with his smartphone), the doctor was reportedly convinced her patient had Sweet’s Syndrome as well.

Maisel tweeted enthusiastically that Topol’s book (and, implicitly, the technology he champions) “Just Played Part in Dx of 1in 1Million #RareDisease.”

A somewhat different reaction was shared by Rick Valencia, Head of Qualcomm Life, who commented, via Twitter; “Shocking that buying a smartphone and sending a pic considered a tech breakthrough. #onlyinhealthcare”

On the one hand, of course, Maisel’s story obviously represents a terrific outcome for the newly-diagnosed patient, and – precisely as Maisel and Topol emphasize – highlights one way smartphone technology can improve medical care.

At the same time, Maisel’s joy, paradoxically, also reminds us of a deep flaw in the system, as Valencia’s comment begins to suggest. At issue: poor data sharing, a medical tragedy of underappreciated dimension. Valuable, even vital information often remains uncaptured, unanalyzed, and, especially, unshared.

The human consequences associated with poor data sharing were poignantly described by Seth Mnookin in his New Yorker article last year profiling a family whose son, Bertrand was born with a mysterious disease that eluded rapid identification. The family (like an estimated 25% of patients with unknown genetic disorders) was able to obtain a diagnosis by exome sequencing, yet struggled to locate others with a similar condition. It wasn’t until the father, Matt Might, blogged about it – and had the story picked up by Reddit and others – that he was able to locate others with the disease.

The key point is that the networks afforded by Reddit were fundamentally richer than any medical dataset. If someone – the father in the Mnookin story, the doctor in Maisel’s story – wants to find others who have similar genetics and phenotypes, they need to rely on public, non-medically-specific networks because these networks, while not purpose-built, are nevertheless far denser, and often, it seems, the best option available. The issue this speaks to is what I’ve heard referred to as Matticalfe’s Law, named by physician and informaticist John Mattison to suggest a variant of the familiar Metcalfe’s Law. (Disclosure: while I’ve no business relationship with Mattison, he is co-chair of the Global Alliance for Genetics and Health eHealth working group, on which I serve. Also, to offer my usual reminder/disclosure, I am CMO at DNAnexus, a company that makes a cloud-based platform for genomic data management and collaboration).

Metcalfe’s Law is the idea that the value of a network is proportional to the square of the number of participants – i.e. adding more people to a network increases value not linearly, but exponentially. It’s a key principle underlying the concept (and power) of networks (though not without its critics – see here).

Matticalfe Law, as Mattison explains it, is that “the value of data silos is very limited, but when deployed in aggregate yields a law of accelerating returns rather than a law of diminishing returns, similar to the network effect of Metcalfe’s law.” Mattison adds he “hybridized the eponym to distinguish it from the classical network effect, hence Matticalfe’s Law.”

One implication here is that if every cancer center, every medical center, every rare disease center shared their data fully, then as a whole, these data would be profoundly more valuable and useful. The chances that a patient with an unusual mutation and phenotype would have someone like them, somewhere in the world, would be so much higher.

So why isn’t this done?

For starters, most hospitals – even leading centers — are struggling to meaningfully organize the genetic and phenotypic data of their own patients in a fashion that can truly inform clinical decision making, as I discussed late last year; thus, you can argue that it’s hard to share with others what you can barely grasp yourself.

A second factor, of course is privacy; medical centers typically emphasize the special nature of medical data, and express concern about the fate of rich information in a shared dataset.

Yet, many experts are skeptical that this represents the true (or only) explanation; as Mnookin writes,

‘If you want to be charitable, you can say there’s just a lack of awareness’ about what kind of sharing is permissible, Kohane said. ‘If you want to be uncharitable, you can say that researchers use that concern about privacy as a shield by which they can actually hide their more selfish motivations.’”

In other words, even if top centers were able to collect and usefully organize phenotypic and genetic data on patients, would they share most of this information or silo it?

I’m not sure I know anyone who would bet against “silo.”

Whether consciously recognized or not, these data are perceived as representing a competitive advantage for the institutions and individuals who generated them (and notably, in this context, the “generating individual” is understood to be the researcher, not the patient!).

Leading cancer centers (for example) have more data than most other hospitals and practices – even though their total share of cancer patients is relatively small, as something like 85% of cancer care occurs in the community. In a world without rich data sharing, today’s top cancer centers enjoy a distinct competitive advantage; their datasets (and more broadly, their experience sets), while individually small in the absolute sense, are large compared to most community hospitals and practices. However, in a world with richer data sharing, these leading centers would arguably lose much of their competitive advantage – even though the global quality of cancer care would likely go up, driven by the knowledge the richer dataset would provide. Thus, it’s perhaps not surprising that most leading cancer centers talk up data sharing far more than they engage in it – at least at anything like the rich level that would be ideal to advance medical science. (Of course, there are encouraging exceptions to this generalization.)

The need for rich data sharing to accelerate what Andy Grove calls “knowledge turns” (link here – ironically but not surprisingly, preview only; JAMA has not made this open access) has both frustrated and motivated patient advocates such as Chordoma Foundation co-founder Josh Sommer, who has worked tirelessly to change the system (see here, also here).

Nevertheless, both in the context of scientific research and in the context of patient care, the unfortunate truth is that while it’s fashionable to profess commitment to data sharing, many hospitals, and many researchers, are reluctant to part with data.

“What if you owned a business and one of your competitors said: ‘I would like a list of all your customers, as well as information on their demographics and health history.’ You would likely say, there is no way I’m giving you a list of my customers.

Well in the case of healthcare, customers = patients.”

Instead, the idea of the moment seems to be “federated” datasets – the idea that everyone can keep their own datasets, but query engines could specifically extract the exact, relatively limited data they need, affording, it’s suggested, many of the benefits of data pooling but without incurring many of the risks. There’s a conspicuous “assume a can opener” quality to this strategy, but it’s worth watching because some very smart people (and organizations) are working intensively on this — and because it might be the best we can hope for.

One alternative to this idea is that patients could contribute their own data into datasets, which could be used for the common good. This is obviously attractive conceptually, but the challenge is more pragmatic: while some patients are both motivated and technologically adept, most patients struggle exhaustively just to get a handle on all of their own medical records, and most are unlikely to have the time, inclination, and ability to share – beneficial as this would be.

An idea I’ve been thinking about (see here, here) is the notion of the data-inhaling clinic, medical centers built around the premise of rich data collection and sharing, and offering genuine interoperability. Patients choosing to seek care here would explicitly want their data shared, and in turn would benefit from the data sharing of others. Consent to share data (which could always be withdrawn) would be a foundational condition of care at these centers, and a reason enlightened patients would seek treatment there (in addition to the empathetic care, which as always remains elemental). Institutions subscribing to this philosophy would not need to have the same owner, nor even the same EMR – just the same commitment to rich and complete data sharing among participating institutions. (Sharing data only among participants seems necessary, at least initially, to avoid free-rider problem; the point is that any organizations willing to share appropriately-consented data in substantial fashion could belong to the network.)

While some patients might not like this approach, those in favor would vote with their feet, and I can imagine that the rich, consented dataset the subscribing, data-inhaling clinics would build would rapidly exceed those available elsewhere in the world. Perhaps at this point, holdout institutions – which I imagine would include top academic medical centers – would finally relent and join as well.

The aspiration would be that in a world of rich data sharing, making diagnoses based on the combination of unusual symptoms and unusual genetics wouldn’t be exceptional, or even tweet-worthy; rather it would be — and should be — the expectation.

MINNEAPOLIS — Jerome Pate, a homeless alcoholic, went to the emergency room when he was cold. He went when he needed a safe place to sleep. He went when he was hungry, or drunk, or suicidal.

“I’d go sometimes just to have a place to be,” he said.

He made 17 emergency room visits in just four months last year, a costly spree that landed him in the middle of an experiment to reinvent health care for the hardest-to-help patients here in Hennepin County.

More than 11 million Americans have joined the Medicaid rolls since the major provisions of the Affordable Care Act went into effect, and health officials are searching for ways to contain the costs of caring for them. Some of the most expensive patients have medical conditions that are costly no matter what. But a significant share of them — so-called super utilizers like Mr. Pate — rack up costs for avoidable reasons. Many are afflicted with some combination of poverty, homelessness, mental illness, addiction and past trauma.

Jerome Pate, a homeless alcoholic, made 17 emergency room visits in just four months last year, which landed him in the middle of Hennepin County’s experiment to better manage cases like his.Credit Angela Jimenez for The New York Times

They raise a new question for the health care system: What is its role in tackling problems of poverty? And will addressing those problems save money?

“We had this forehead-smacking realization that poverty has all of these expensive consequences in health care,” said Ross Owen, a county health official who helps run the experiment here. “We’d pay to amputate a diabetic’s foot, but not for a warm pair of winter boots.”

“This is a holy grail in research right now,” said John Vu, a vice president at Kaiser Permanente, one of the largest insurers and care providers in the country. Kaiser has about two dozen projects in the United States, including in Denver, where medical teams screen for food insecurity.

Here in Hennepin, a fist-shaped county that encompasses Minneapolis, the pilot program is focused on about 10,000 people — mostly men, all poor, some homeless — who were covered when the state expanded Medicaid under the Affordable Care Act. It is paid for with state and federal Medicaid dollars and run by the county government and the safety-net hospital.

The aim is to fix patients’ problems before they become expensive medical issues, so the county put its social services department to work. Its workers help people get phones and mailboxes, and take care of unpaid utility bills that otherwise could lead, for example, to insulin spoiling in nonfunctioning refrigerators. The project has even invested in a place where inebriated patients can sober up instead of going to the emergency room.

The idea — to eliminate avoidable hospital use — went against years of economic habit. Hospitals make money by charging per visit and procedure, and fewer of both would dent revenues. So the state offered a carrot: The hospital, Hennepin County Medical Center, a series of gray buildings and glass walkways, would be paid a fixed amount per patient and it would get to keep the money even if patients did not show up, or used less medical care than was paid for. The pilot program would work on caring for patients in places outside the hospital that are cheaper.

The arrangement, a stark departure from past practice, is increasingly common, part of the changes wrought by the health care law. The federal government has made similar deals with health systems for Medicare patients.

Some early experiments have found little or no savings in the short term. But in Hennepin County, medical costs have fallen on average by 11 percent per year since 2012 when the pilot program began, enough to keep it going and the hospital involved. Some of the biggest cost reductions were among the more than 250 patients who were placed into permanent housing.

The future of such efforts is uncertain. For programs that work to actually take root, more states and insurance companies may need to expand what they are willing to cover, for example, housing assistance, said Allison Hamblin, an expert at the Center for Health Care Strategies.

And it is unclear if private health systems — which have little experience in taking care of social needs and still make most of their money per procedure — will be as enthusiastic as Hennepin County Medical Center.

“We often hear comments that amount to ‘Are you asking me to fight the war on poverty?’ ” said Kelly W. Hall, a senior vice president at Health Leads, a nonprofit organization that helps medical teams connect patients to social services. “But doing nothing is ‘don’t ask, don’t tell’ when it comes to the realities of patients’ lives. People aren’t comfortable with that either.”

Mr. Pate, 51, came to the Hennepin County hospital’s emergency room last summer complaining of chest pains and thoughts of suicide. His arrival flickered on the screen of a social worker, Cerenity Petracek. She marched out to the emergency room to meet him.

“I was thinking ‘Who is this person?’ ” Mr. Pate recalled, noting that she was not wearing a doctor’s coat. “How’s she supposed to help me?”

She spent over an hour with him and learned that he was homeless and addicted to cocaine and alcohol. She called around, found a treatment program that would accept him, helped him fill out the paperwork and then put him in a car to make sure he got there. A doctor later diagnosed a major heart blockage.

For the hardest-to-reach patients, there are outreach workers in the community. Such positions have been rare in health care because neither Medicare nor Medicaid would cover them. But the Affordable Care Act has opened up new ways to do so.

On a frigid morning in February, Prugh Jose, 42, a soft-spoken homeless man suffering from alcoholism and anxiety, called T.J. Redig, an outreach worker who was part of his medical team. Mr. Redig — who wears stylish wool hats and writes novels in his spare time — has a friendly, easygoing manner that earned Mr. Jose’s trust.

Mr. Jose needed to get to the clinic for an appointment about his seizures (from a head injury on a construction job) but had forgotten the time for it. He had not eaten since the previous morning. His ex-wife offers him a couch when he can contribute food, but he had none, and spent the night outside.

“It was cold last night, Prugh,” said Mr. Redig, 29, steering his dented green Pontiac onto the Interstate. He has even picked up Mr. Jose from the highway overpass where he panhandles.

“Yeah, really cold,” Mr. Jose said. “I went to see my buddies and stuff, but no one opened up.”

By the time Mr. Jose got to the clinic, he had missed his appointment. But he was gaining things that could help prevent an emergency later. A community health worker gave him a bag of food: frozen chicken, cereal and canned fruit. The receptionist handed him apple juice, which he used to take anti-seizure pills.

“Better,” he said, after a long swig.

A version of this article appears in print on March 23, 2015, on page A13 of the New York edition with the headline: Ounce of Prevention: Health Care Systems Try to Cut Costs by Aiding Poor. Order Reprints|Today’s Paper|Subscribe